Super technology network security risk assessment service, comprehensively understand the security risks faced by the network system

With the coming of information age , The Internet has become an indispensable part of people's work and life , While the Internet brings us convenience , It also brings many network threats . As an enterprise, it needs the asset value of information system 、 potential threat potential menace 、 weak link 、 Analyze the protective measures that have been taken , Judge the probability of safety events and possible losses , Propose risk management measures .

service content

The purpose of super technology network security risk assessment service is to analyze the security status of customer information system , Comprehensively understand and master the security risks faced by the system , Determine the level of safety risks in the system , And for the problems found in the risk assessment , Provide solutions , Assist users to solve .

The specific content includes the current situation of user information system security , Threats to information assets 、 Existing vulnerability 、 Assessment of the possibility of occurrence of risks caused by existing protective measures and comprehensive effects , Finally, provide a comprehensive risk assessment report .

Service process

1、 Asset identification

Asset identification is mainly completed by issuing an asset questionnaire to the appraised party . When identifying assets , Based on the asset list provided by the appraised party , Mark important and critical assets , Detailed classification of assets within the scope of evaluation . According to the form of assets , Assets can be divided into data 、 Software 、 Hardware 、 Types of services and personnel .

According to the confidentiality of assets 、 Different requirements for integrity and availability , Assign confidentiality to assets 、 Integrity assignment 、 Availability assignment and asset importance assignment .

2、 Threat identification

In the threat assessment stage, the evaluator combines the current common human threats 、 Its possible motivation 、 Exploitable weaknesses 、 Identify the possible attack methods and consequences of the threat source . After the completion of threat identification, the possibility of threat occurrence should also be evaluated , List threats , Describe threat attributes , And assign a value to the frequency of the threat .

3、 Vulnerability identification

Vulnerability is divided into management vulnerability and technology vulnerability . Management vulnerability is mainly through the issuance of management vulnerability questionnaires 、 Interview and collect and analyze the existing management system to complete ; Technical vulnerability is mainly identified by means of professional vulnerability detection tools and inspection of various software and hardware security configurations within the assessment scope . After vulnerability identification , The vulnerability severity of specific assets should be assigned , The greater the numerical , The higher the severity of vulnerability .

4、 Protection capability evaluation

Identify existing protective measures , Test the data protection effect .

5、 risk analysis

Adopt appropriate methods and tools for safety risk analysis and calculation . You can choose the corresponding risk calculation method to calculate the risk value according to your own situation , Such as matrix method or phase multiplication . If the value at risk is within an acceptable range , Then change the risk to acceptable risk ; If the value at risk is outside the acceptable range , It is necessary to formulate and implement a risk treatment plan to reduce the risk level , And assess residual risks , Reduce the residual risk value to an acceptable range .

6、 Landing repair plan

Security vulnerability repair suggestions , Risk response suggestions .

Application scenarios

Compliance scenario

Carry out risk assessment as required , Meet compliance requirements .

Business scenario

Safety inspection before the system goes online , Regular safety inspection after online , prevent “ With disease ” function .

Event scenario

Identify security risks , To avoid being notified by the supervision and competent units .

Re insurance scenario

Comprehensive screening of security risks , Ensure the safe and stable operation of the business during the re insurance period .

Super tech is an expert in information security solutions , It is a fast-growing innovative technology company led by Mr. Lu Zhaoxi . The company has gathered the top security experts in China , Based on secure big data , With AI Driven by deep learning ability , Created the first distributed security node defense system and video behavior data analysis system in China , At the same time, we are deeply engaged in the field of data security , We have developed a series of data security products . In the future, super technology will continue to “ Security guard dream ” For the mission , Committed to building a competitive 、 High quality network security cloud products and services , Become a leading enterprise in the field of network security , For Cloud Computing “ Green energy saving ”, Contribute to the elimination of the digital divide in the whole society .

Super technology owns super cloud （ Alibaba cloud strategic partner ）、 Data security products 、 Smart security products 、 A series of cloud products such as network security products and security service products + Security defense products . In order to better provide cloud defense services , In Zhejiang 、 hubei 、 Southeast Asia has its own cleaning center , Long term cooperation with multiple cleaning centers . In Wuhan 、 Xiangyang and other places have set up many branches , At the same time in Beijing 、 Shenzhen 、 wuhan 、 Chengdu 、 Changsha 、 Xi'an 、 Set up sales offices in Xiamen and other places , As close to 500 Home government 、 game 、 Finance 、 Online retailers 、 Short video 、 manufacturing 、 education 、 Customers in the pan media and online reading industries provide cloud security solutions .